08975e2665243e02ad55dd53892d907554b297bc19ba2e4d11334eb67b45f3a6

Sharing

Copy URL

Twitter E-mail

General

Target

Nezur_Executor4.zip
Size

18.6MB
Sample

241119-xhrkvszenf
MD5

b464744ab9c9ebd75169f1c8639e432a
SHA1

ce83cff14a367c1fc88fdf1b9aa3df2e64549d85
SHA256

08975e2665243e02ad55dd53892d907554b297bc19ba2e4d11334eb67b45f3a6
SHA512

37f4cd8560b480126ca38135cdac10d28e56f36ba42583b8cfbdaf6555bc656a2448c67fc715b2337e1db07d4d87ec9336e7f7ab5418bf2bb4f9a0206817beaf
SSDEEP

393216:f7gYled7NfP4aahSJKqI9jE8tdBMm50uoYwQGKgyjy6KUvQPnPTpXYi:5elhAaaAUqIFuuozP1yjtvQvdR

Score

7^/10

Malware Config

Targets

- Target
  
  Microsoft.Extensions.FileSystemGlobbing.dll
- Size
  
  44KB
- MD5
  
  470ad714b6cb486c3a64a918e72497a7
- SHA1
  
  13583e2627ff47fa64c192d8f91e06c4472e6cda
- SHA256
  
  ed0855b522f09b5a9ddbb85de62042c25e07d10044086da8620c845de41e473c
- SHA512
  
  6237af61b1f592fd10692906024fc970cd41f3db971c2a869aed392ad686a904edb19dae81cc247b691a26a7e5e554affdf0853b1e29938d6cea799e20343c77
- SSDEEP
  
  768:m0PO7gRE3x5o7UP04wqgYtqPRw02KO7I9Yfwbhgv5NFcEn9zT8n3:m02GE3xOwP04wqgYtm2nQY4Ngv5NFT96
Score

1^/10
behavioral1 behavioral2
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  575KB
- MD5
  
  ae3a2648bf76a4dfc83d5e0dcb68f3d4
- SHA1
  
  9c33e130e4f071f700321312317d0d66b2b3d8a4
- SHA256
  
  8ce541fab9d6334a97b6981e2ff1a72aa7979df913e93cb5be1536de0667cc5d
- SHA512
  
  8bb3dbb95386ccc5450fe0fd0853382092af8660009112646dca13f934e766b503fa7d9c1c91322326e0c9bae0df9643cbb2f101f256615a3b66e89d93e92aa5
- SSDEEP
  
  12288:emV6hdWrpQ322vy+uFKcDguRFNEMFeu+imQ269pRFZNIEJdIEY0lxEIPrEIgcvLz:j/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  0582173917034dc688d21a0307110809
- SHA1
  
  ac3ffb19925eee8edc4568b1715bf873784814c4
- SHA256
  
  4921c17b3cf8225a380ab1a07682fa57fcb50dc42669a010e8acb28739f418d4
- SHA512
  
  3da9b59ba73a151db587e24aea79153b607984d6a48fdce769d77b47ad72eb66c412e026363abcb096ca562a1938a260c8de4a81774bef83278e117ef4b79984
- SSDEEP
  
  768:fHNav/17oaKzbvttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZG4Kju6b+5ol:1avYvttZDgcEST3p4JjrjaJ+SG2au4xo
Score

1^/10
behavioral5 behavioral6
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  81KB
- MD5
  
  c7984acb66b1dd21f9f88113f7f295be
- SHA1
  
  4d6cc744c3ce66a79f5fe05913909919b6042d28
- SHA256
  
  d90b35a7804412550364088d8dd0402422d1ba23c8f0b2a845c043d032dc0304
- SHA512
  
  364fced6b4e3abb8dd40c49380aec218da394f485a1eb5c8f82d994d1fbcd7e08616e306fb06f8d0b198ec2ff7f0f580b8fd6d4586da4414d5ba237c5595e99c
- SSDEEP
  
  1536:6VzQfLOHAjUIOL3VwnhZ8fYSDHf9WyER30mpc4Jjr4YeUq9GhVU0o2zQvUuakWUp:Wcfyg4IjhZ8TDHf9c30mpc4Jjr4YeUqT
Score

1^/10
behavioral7 behavioral8
- Target
  
  Nezur.dll
- Size
  
  15.2MB
- MD5
  
  79b4048105f34e39143b5ec9cbbb754c
- SHA1
  
  270edf0a5d5e5801171435b5f8c813cbac3ebc20
- SHA256
  
  9a2601c7d10b7fb896429cc13ca6961f29dfc594b6eb1d4f7bebd36d4513a6d7
- SHA512
  
  e148df038131a5a4fece47c22286d0c5638e21019213d4c840abf277a23456422873a4ba5535f926ffb4bb12771393d8316306709f2cfb0354e4b2c9cbf44c4e
- SSDEEP
  
  393216:2EI9J9jTykIBEJy66FfEGdDS7OVIkXPqgK1SLoj:2t1mkIWg66LDS7UIkX/wSE
Score

7^/10

themida
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  Nezur_Interface.dll
- Size
  
  6.4MB
- MD5
  
  5e975740e102716f97f71abeaf5dcf62
- SHA1
  
  d57a5e40cb351eb739cffd24a6855ab21654063f
- SHA256
  
  f07c2a215d43e783f096810a3a89cdd8c3cd99b56c774e7cdb5ab399cc73bd36
- SHA512
  
  dd1ed65c09c6ae815b174b1eea0817f155bbf7541fc48aa0e63c51358a8b3948474e956adf1c6ec3713c49b524402603193a7bd8cb03710175e65b0b3b226d6e
- SSDEEP
  
  98304:AQuiXvqdeO4pbZVj9JPgBzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuYJg:ARiSZO9S2fasv+Bpt
Score

1^/10
behavioral11 behavioral12
- Target
  
  Nezur_Interface.exe
- Size
  
  154KB
- MD5
  
  7e7adfc3bdd9b766fb15521dc6b00f25
- SHA1
  
  ad6abf2d4dc87ae133be0aa8f2e77dc098ae8f8a
- SHA256
  
  3e08f027849d86c17909b507b25df78521afe175bcf30424f70ccabbfdf7665f
- SHA512
  
  29b33965f5a0b095b3fe8c16c88015584c62067fe3d78da4e4ec131d42918450dbec71e63bf7ba8917c531a4adccf8c0badf8c043523d959d964186789c01fab
- SSDEEP
  
  3072:WAi4pxpEHmAdx4/kyHRZa0YiRAl278IVn2JbS1cJa8lWjfl:WAi4pxpRkyHRZa0Gl278IVNc0cWD
Score

6^/10

discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral13 behavioral14
- Target
  
  runtimes/win-arm64/native/WebView2Loader.dll
- Size
  
  136KB
- MD5
  
  232e9d314b9bb9e677b1d79c7dc54e44
- SHA1
  
  5ad36b7a527acd76e7f5414459ba61ea319bd120
- SHA256
  
  dbd30934e8fb2706722a2b874719d62cbed47b1e473e3f684a66648e91f93def
- SHA512
  
  504230199dea2c72c47374240a6ef66fc648208bb5f01520d057dbdf13fb04f3508e1edfc2f2db3d6b8f7321d0d150d9192b7a20a4465b702b10126e1a2861be
- SSDEEP
  
  3072:rwe4zkOpEbtYRLMPM6OSRTA0gWEtJW9VDX4B2TX:UeEkOebMqgWEtJiVDX5b
Score

1^/10
behavioral15 behavioral16
- Target
  
  runtimes/win-x64/native/WebView2Loader.dll
- Size
  
  161KB
- MD5
  
  3fac859547077abafe806ff1e4709f47
- SHA1
  
  0366df220c5d224ee64a42c929574407d2e6d2c9
- SHA256
  
  f4d811cda483adb33220c5a856c5ec8dca3a095fde54b44f08e1279a6a5efd33
- SHA512
  
  9b7b7aabf6bdc11dfd74430336e02d7d2b96b6bbf352f1e2d158a4900bead364900820af56cf9af25366ff5704e2ffcc2458d45dc3efe00ebd0843d127ab7435
- SSDEEP
  
  3072:JX1/Z3TlTRTFOYfThTNTvDbS2bT4wdovPEKdIMsb1Z5AalipT3YEtJ5+PON2Yo:JDTlTRTFOYfThTNTvDhvZkPEKdI7pxEG
Score

1^/10
behavioral17
- Target
  
  runtimes/win-x86/native/WebView2Loader.dll
- Size
  
  113KB
- MD5
  
  999f67ef1a2d06beeaf85ec9b5d5d73d
- SHA1
  
  644b1768f8675b29fb53a51edb5d344fdf55946c
- SHA256
  
  4c24ade2c2a4cf652529fdf4259743fec824c628bdc056fc5c76c29e30e7c06c
- SHA512
  
  6399fda1c54bd26ce82b7d48ac1b7c9741d5abf68a67bd62ec53ea2a1f82caac2e9bfdb1cb22f5af3c8ca6f4789a888f6519e02941f6c33f6f9d3b0e58eb56f4
- SSDEEP
  
  3072:OnbFYqJx7sXRq2KVs9iiamgqeNZPTj7EtJlAlHJcgf4fm9pS:OZYqJx4gkYiavEtJe9f2mbS
Score

3^/10

discovery
behavioral18
- Target
  
  workspace/vape/GuiLibrary.lua
- Size
  
  319KB
- MD5
  
  ac1cee0caefeed479df85604e69873c6
- SHA1
  
  204e0f0793fd1e707d06d957c57b7a4c6fa471fa
- SHA256
  
  0521f91ffdfd8906464a0b79300b999335edb2f3cdb902093a2dfb25edf7beb1
- SHA512
  
  c1793b507653f37ff2bb8abf8d212fda57edd738bdb0cc84196e7d7d064069b07d7b47a95ca6f8ec6db8bf9a39a4d0b6465a12133f9c3be04887dc1687ad7154
- SSDEEP
  
  3072:6fmwRHjS0ObMPjVw+usbpNpz4hXwz5Ts45FjKbnFNMDnlaAXiUk81r89k:6fJhus5OAmhyfhwk
Score

3^/10

execution
behavioral19 behavioral20
- Target
  
  workspace/vape/MainScript.lua
- Size
  
  83KB
- MD5
  
  4e3739d68f5985ab3797ab33e0975cdd
- SHA1
  
  7c37faf5a8643a5190ba286b630c9d3fe5bf32af
- SHA256
  
  3befe40113dd767799be851b50d23a56923ea296d2b50b3051a5764e18bd5641
- SHA512
  
  679faf5fa0f189eef742360cd5efecc429760544a0a6002fab8ea66d04c59202113ca1df804cc50af2adb9dba5ce94407ff22f0f1e7074d3d2ff8f703b5d5d9e
- SSDEEP
  
  768:aABxHBr9wodvBHW50nmXsWjk1jpVxjfjTIkjblSBd4UN6j0jo/QIIj8j8jLzYvDj:zh9lNDZL3QwxBXpEJxrSCNhPKydZlM
Score

3^/10

execution
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Themida packer

Suspicious use of NtSetInformationThreadHideFromDebugger

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22